<?xml version="1.0" encoding="ISO-8859-1" ?>
<rss version="2.0">
	<channel>
	<title>Packet Storm Security Last 20</title>
	<link>http://packetstormsecurity.org/</link>
	<description>20 Most Recent Packet Storm File Additions</description>
	<language>en-us</language>

<item>
	<title>soulseek157-psexec.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/soulseek157-psexec.txt</link>
	<description>Soulseek versions 157 NS below 13e and all versions of 156 suffer from a remote peer search code execution vulnerability. </description>
</item>
<item>
	<title>shopcartdx430-sql.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/shopcartdx430-sql.txt</link>
	<description>Remote SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php. This particular vulnerability was previously discovered, but further research has been performed.</description>
</item>
<item>
	<title>shopcartdx430-blindsql.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/shopcartdx430-blindsql.txt</link>
	<description>Remote blind SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php. </description>
</item>
<item>
	<title>cve-2008-3531.c</title>
	<link>http://packetstormsecurity.org/0907-exploits/cve-2008-3531.c</link>
	<description>Local root exploit for FreeBSD nmount(). This affects FreeBSD 7.0-RELEASE and 7.0-STABLE. </description>
</item>
<item>
	<title>axesstel-bypass.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/axesstel-bypass.txt</link>
	<description>The Axesstel MV 410R protects against malicious input using JavaScript, which an attacker can easily bypass. The device is also susceptible to permanent cross site scripting vulnerabilities.</description>
</item>
<item>
	<title>opialaid-sql.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/opialaid-sql.txt</link>
	<description>Opial version 1.0 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>glsa-200907-02.txt</title>
	<link>http://packetstormsecurity.org/0907-advisories/glsa-200907-02.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected. </description>
</item>
<item>
	<title>glsa-200907-01.txt</title>
	<link>http://packetstormsecurity.org/0907-advisories/glsa-200907-01.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected. </description>
</item>
<item>
	<title>rentventory-sql.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/rentventory-sql.txt</link>
	<description>Rentventory PHP suffers from multiple remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>petite-sql.txt</title>
	<link>http://packetstormsecurity.org/papers/general/petite-sql.txt</link>
	<description>This paper is a small SQL injection tutorial and is written in French. </description>
</item>
<item>
	<title>oCERT-2009-009.txt</title>
	<link>http://packetstormsecurity.org/0907-advisories/oCERT-2009-009.txt</link>
	<description>CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing: the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.</description>
</item>
<item>
	<title>USN-795-1.txt</title>
	<link>http://packetstormsecurity.org/0907-advisories/USN-795-1.txt</link>
	<description>Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server. </description>
</item>
<item>
	<title>USN-794-1.txt</title>
	<link>http://packetstormsecurity.org/0907-advisories/USN-794-1.txt</link>
	<description>Ubuntu Security Notice USN-794-1 - It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service. </description>
</item>
<item>
	<title>joomla1512-xss.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/joomla1512-xss.txt</link>
	<description>Joomla! versions prior to 1.5.12 suffer from multiple cross site scripting vulnerabilities in relation to HTTP headers. </description>
</item>
<item>
	<title>HPSBUX02431-SSRT090085.txt</title>
	<link>http://packetstormsecurity.org/0907-advisories/HPSBUX02431-SSRT090085.txt</link>
	<description>HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. Apache-based Web Server and Tomcat-based Servlet Engine are contained in the Apache Web Server Suite.</description>
</item>
<item>
	<title>HPSBUX02440-SSRT090106.txt</title>
	<link>http://packetstormsecurity.org/0907-advisories/HPSBUX02440-SSRT090106.txt</link>
	<description>HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could be exploited locally to create a Denial of Service (DoS). </description>
</item>
<item>
	<title>USN-793-1.txt</title>
	<link>http://packetstormsecurity.org/0907-advisories/USN-793-1.txt</link>
	<description>Ubuntu Security Notice USN-793-1 - Multiple vulnerabilities associated with the Linux 2.6 kernel have been addressed. These issues range from arbitrary code execution to denial of service vulnerabilities. </description>
</item>
<item>
	<title>opial-sql.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/opial-sql.txt</link>
	<description>Opial version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. </description>
</item>
<item>
	<title>sourcefire-escalate.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/sourcefire-escalate.txt</link>
	<description>Sourcefire 3D Sensor and Defense Center versions 4.8.1 and below suffer from a privilege escalation vulnerability. </description>
</item>
<item>
	<title>adminlog-bypass.txt</title>
	<link>http://packetstormsecurity.org/0907-exploits/adminlog-bypass.txt</link>
	<description>AdminLog version 0.5 suffers from an authentication bypass vulnerability. </description>
</item>
	</channel>
</rss>
